WC Password Strength Settings

Description

Recent versions of WooCommerce include an integrated Password Strength Meter that forces users to use strong passwords. Sometimes this isn’t desirable – with this plugin, you can choose between four password levels ranging from “Anything Goes” to “Strong Passwords Only”. In addition, you can modify the colors and appearance of the strength messages, as well as modify or remove the password hint. For details on how the password strength is determined, please read the documentation here.

What’s New?

2.0.0 is a complete rewrite of the plugin, meaning you may have to check your settings after updating. In the new version, you have the ability to change messaging colors, hide the emoji display, and hide or alter the Password Hint generated by WooCommerce.

Notes

While this does allow for user accounts to have weaker passwords, it’s a good idea to still encourage strong password use – especially for administrators!

Planned Features

Option to hide the “ – Please enter a stronger password.” suffix for weak passwords to allow more admin control and message flexibility.

Option to display a link to a password strength calculator to the user.

Add Multilingual support – I’m iffy on how to do this, so if you want to teach me, reach out!

Open to suggestions!

Installation

Download the plugin & install it to your wp-content/plugins folder (or use the Plugins menu through the WordPress Administration section)

Activate the plugin

Navigate to WooCommerce > Settings > Accounts and edit the fields at the bottom. There, you can choose the strength of the required passwords as well as change the messaging that appears as a user enters their password, change colors, and change any password guidelines.

Save and enjoy!

FAQ

Q: What does each level do?

A: The levels range from 1 (lowest) to 4 (highest). As passwords are typed, the strength meter will dynamically update – this will disable the “Sign Up” button until the requirements have been met. It should be noted that there IS technically a Level 0, but that doesn’t display anything so it’s not used.

Q: Where does this meter show up?

A: This should appear wherever the Password Strength Meter appears – in the “My Account” page or during Checkout.

Q: How is the password strength determined?

A: The password strength is determined by code in WordPress core, more specifically using a library called “zxcvbn”, created by Dropbox. There’s a more in-depth description of how this works in the plugin documentation.

Q: This allows weak passwords during account creation in checkout – what gives?

A: This is unfortunately unavoidable. As of writing, WooCommerce doesn’t validate the password strength on the checkout page, so while the strength meter will show, it doesn’t enforce it. This isn’t something I’m able to work around, so share that you want validation on the password strength requirements in the official WooCommerce Ideas Board – once it’s active in WooCommerce, it will automatically be active here. 🙂

Reviews

In our setup, this allowed users to create accounts at checkout that were less than the required settings. This resulted in WooCommerce being unable to auto log them in after checkout. They also couldn’t log in manually, as the password didn’t meet the requirements in the backend.

WordPress password requirements are the epitome of programmers telling customers what to do without having to deal with the day-to-day headaches of customer support or sales conversions. Yes, it is more secure. No, it is not worth it.

https://xkcd.com/936/

Being able to specify a reasonable level of security or turn it off altogether is an absolute lifesaver.